CVE-2025-40106
BaseFortify
Publication date: 2025-10-31
Last updated on: 2025-11-04
Assigner: kernel.org
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a divide-by-zero error in the Linux kernel's comedi_buf_munge() function. The function performs a modulo operation without checking if the divisor (chanlist_len) is zero. If a user program submits a command with chanlist_len set to zero, it causes a divide-by-zero error during data processing in the interrupt handler, potentially leading to a kernel panic. The fix adds a check for zero chanlist_len to prevent this error.
How can this vulnerability impact me?
This vulnerability can cause the Linux kernel to panic due to a divide-by-zero error when processing malformed user commands with chanlist_len set to zero. This can lead to system crashes or instability, potentially disrupting services or applications relying on the affected kernel component.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch or update to the Linux kernel version that includes the fix for the divide-by-zero error in comedi_buf_munge(). This fix adds a check for zero chanlist_len to prevent kernel panics caused by malformed user commands.
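The zero-length check described in the answers above, shown as an added user-space C model (not kernel source and not code from this page). Only the name chanlist_len is taken from the page; the struct, the callback type, the per-sample loop and the sample data are assumptions made for illustration.

```c
#include <stdio.h>

/* User-space model. chanlist_len comes from the page; the struct, the
 * callback type and the per-sample loop are assumptions for illustration. */
struct munge_state {
    unsigned int chanlist_len; /* channel count from the user-submitted command */
    unsigned int munge_chan;   /* channel-list index of the next sample */
    unsigned int munge_count;  /* bytes accounted for so far */
};
typedef void (*munge_fn)(unsigned char *sample, unsigned int chan);

/* Constructed callback: tag each sample's first byte with its channel index. */
static void tag_with_channel(unsigned char *sample, unsigned int chan)
{
    sample[0] = (unsigned char)chan;
}

unsigned int model_buf_munge(struct munge_state *st, munge_fn munge,
                             unsigned char *buf, unsigned int num_bytes,
                             unsigned int sample_bytes)
{
    unsigned int count;
    /* Guard before any '%': an empty channel list means nothing to munge. */
    if (!munge || st->chanlist_len == 0 || sample_bytes == 0) {
        st->munge_count += num_bytes;
        return num_bytes;
    }
    num_bytes -= num_bytes % sample_bytes; /* whole samples only */
    for (count = 0; count < num_bytes; count += sample_bytes) {
        munge(buf + count, st->munge_chan);
        st->munge_chan = (st->munge_chan + 1) % st->chanlist_len; /* divisor != 0 */
    }
    st->munge_count += count;
    return count;
}

/* Runs the model over 8 constructed 2-byte samples; returns the final channel index. */
unsigned int demo_final_chan(unsigned int chanlist_len)
{
    unsigned char buf[16] = {0};
    struct munge_state st = { chanlist_len, 0, 0 };
    model_buf_munge(&st, tag_with_channel, buf, (unsigned int)sizeof(buf), 2);
    return st.munge_chan;
}

int main(void)
{
    printf("len=3: chan %u, len=0: chan %u\n", demo_final_chan(3), demo_final_chan(0));
    return 0;
}
```

Without the guard, the modulo in the loop would be evaluated with a zero divisor whenever chanlist_len is zero; with it, the zero-length case returns before any division takes place.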